1. Claims 1-20 are presented for examination. 

Claim Objections 

2. Claim 16 is objected to because it claims dependency to itself, which is deemed 
a typographical error. It is assumed to be dependent upon claim 13 and will be 
referenced so for the remainder of the examination. 

Appropriate correction is required. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

3. Claims 5-7 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. See MPEP § 7.34.01. 

4. Regarding claims 5-7, the phrases "can" and "can be" render the claims indefinite 
because it is unclear whether the limitations following the phrase are part of the claimed 
invention. See MPEP § 2173.05(d). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Garrison, Greg B. (hereinafter Garrison), US 6,336,114, in view of Yamamoto et al. 
(hereinafter Yamamoto), US 2001/0044903. 

6. As per claim 1, Garrison teaches a distributed access control system that 
restricts access to secured items, said system comprising: 

local server(s) including a local module that provides local access control (Col. 3, 
lines 66-67; Col. 4, lines 1-9; Col. 7, lines 31-42; Col. 8, lines 40-51). 

wherein the access control, performed by said central server or said local 
servers, operates to permit or deny access requests to the secured items by requestors 
(Col. 3, lines 66-67; Col. 7, lines 31-42; Col. 8, lines 40-51). 

7. Garrison does not teach a system comprising: 

a central server having a server module that provides overall access control; and 
a plurality of local servers. 

8. Yamamoto teaches a distributed access control system comprising: 

a central server having a server module that provides overall access control 
(Paragraphs [0083], [0086], [0092], [0096] and [0100]); and 

a plurality of local servers (Paragraphs [0080] and [0095-0096]). 

9. It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the teachings of Yamamoto and Garrison because they both deal 
with providing and restricting access to data over a communication network. 
Furthermore, the teaching of Yamamoto to allow a central server having a server 
module that provides overall access control and a plurality of local servers would 
improve the functionality of Garrison's system by allocating a central server to authorize 
and grant access to the overall network therefore increasing security and protecting 
digital assets of the network. 

10. As per claim 2, Garrison teaches a distributed access control system as recited 
in claim 1, wherein said access control system restricts access to the secured files 
stored in a data storage device (Col. 3, lines 22-29; Col. 11, lines 27-42). 

11. Garrison does not teach a distributed access control system coupled to an 
enterprise network. 

12. Yamamoto teaches a distributed access control system coupled to an enterprise 
network (Paragraphs [0002], [0074] and [0114]). 

13. It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the teachings of Yamamoto and Garrison because they both deal 
with providing and restricting access to data over a communication network. 
Furthermore, the teaching of Yamamoto to allow wherein a distributed access control 
system is coupled to an enterprise network would improve the functionality of Garrison's 
system by increasing the amount of information that can be shared and accessed thus 
increasing the influx of data retrieval capability. 

14. As per claim 3, Garrison teaches a distributed access control system as recited 
in claim 2, wherein the access requests are at least primarily processed by said local 
servers (Col. 7, lines 31-42; Col. 8, lines 40-51). 

15. As per claim 4, Garrison teaches a distributed access control system as recited 
in claim 3, wherein when the access requests are processed by said local servers, the 
requesters gain access to the secured files without having to access said central server 
(Col. 7, lines 31-42; Col. 8, lines 40-51). 

16. As per claim 5, Garrison teaches a distributed access control system as recited 
in claim 2, wherein the local modules can operate independent of said central server 
and other said local servers (Col. 7, lines 14-24, lines 31-42, lines 43-64). 

17. Garrison does not teach a system wherein copying to the local server in 
reference to the central server (Paragraph [0097]). 

18. It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the teachings of Yamamoto and Garrison because they both deal 
with providing and restricting access to data over a communication network. 
Furthermore, the teaching of Yamamoto to allow wherein copying to the local server in 
reference to the central server would improve the functionality of Garrison's system by 
updating the privileges that a local server grants access to its data storage by 
implementing the central server's (entire network's) access scheme which would 
maintain a consistent security barrier if the central server is down or the connection is 
not available. 

19. As per claim 6, Garrison teaches a distributed access control system as recited 
in claim 2, wherein the local module can be a subset of the server module (Col. 7, lines 
14-24, lines 43-67; Col. 8, lines 1-6). 

20. As per claim 7, Garrison teaches a distributed access control system as recited 
in claim 2, wherein access permissions for said local servers can be dynamically 
configured to pass a requester from one of said local servers to another of said local 
servers, thereby enabling access control to be performed by the another of said local 
servers such as when the location of the requestor changes (Col. 8, lines 10-51). 

21. As per claim 8, Garrison teaches a distributed access control system as recited 
in claim 2, wherein the secured items are secured files (Abstract, Col. 6, lines 557-66). 

22. As per claim 9, Garrison teaches a distributed access control system as recited 
in claim 2, wherein the secured items are secured by encryption (Col. 6, lines 43-66). 

23. As per claim 10, Garrison teaches a method for providing access management 
through use of a plurality of server machines associated with different locations, said 
method comprising the acts of: 

(a) authenticating a user with a first server machine of the plurality of server 
machines with respect to a prior access request (Col. 7, lines 31-42); 

(b) subsequently receiving a current access request to access a secured item via 
a second server machine of the plurality of server machines (Col. 8, lines 10-60); 

(c) reconfiguring the first server machine to prevent further access by the user to 
secured items via the first server machine (Col. 12, lines 16-46); and 

(d) reconfiguring the second server machine to permit access by the user to at 
least the secured item via the second server machine (Col. 8, lines 10-51). 

24. As per claim 11, Garrison teaches a method as recited in claim 10, wherein said 
authenticating (a) authenticates both the user and a client machine being used by the 
user (Col. 7, lines 31-42). 

25. As per claim 12, Garrison teaches a method as recited in claim 10, wherein the 
first server machine and the second server machine are access points for the user to 
gain access to secured items (Col. 7, lines 31-42; Col. 8, lines 10-51). 

26. As per claim 13, Garrison teaches a method as recited in claim 10, 

wherein when the user is at a first location, the user interacts over a network with 
the first server machine using a first client machine as the first location (Fig. 1; Col. 3, 
lines 9-14; Col. 4, lines 18-22; Col. 7, lines 31-42; Col. 13, lines 49-50). 

wherein the user interacts over a network with the second server machine (Fig. 
1; Col. 3, lines 9-14; Col. 4, lines 18-22; Col. 7, lines 31-42; Col. 8, lines 10-61; Col. 13, 
lines 49-50). 

27. Garrison does not teach a method wherein when the user is at a second location, 
the user interacts using a second client machine at the second location. 

28. Yamamoto teaches a method wherein when the user is at a second location, the 
user interacts using a second client machine at the second location (Paragraphs [0095- 
0096] and [0188]). 

29. It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the teachings of Yamamoto and Garrison because they both deal 
with providing and restricting access to data over a communication network. 
Furthermore, the teaching of Yamamoto to allow wherein when the user is at a second 
location, the user interacts using a second client machine at the second location would 
improve the functionality and security of Garrison's system by allocating another set of 
privileges and access rights per the digital assets for each individual client connecting to 
the network. 

30. As per claim 14, Garrison teaches a method as recited in claim 13, wherein said 
method further comprises at least the acts of: 

(f) determining, prior to said reconfiguring (c) or (d), whether the user is permitted 
to gain access from a second location to secured items via the second server machine 
(Col. 8, lines 10-61). 

31. As per claim 15, Garrison teaches a method as recited in claim 13, wherein said 
authenticating (a) of the user occurs while the user is at a first location (Fig. 1; Col. 3, 
lines 9-14; Col. 4, lines 18-22; Col. 7, lines 31-42; Col. 13, lines 49-50), and wherein 
said receiving (a) of the access request to access the secured item (Col. 8, lines 10-61). 

32. Garrison does not teach a method wherein the user can access information at a 
second location. 

33. Yamamoto teaches a method wherein a user can access information at a second 
location (Paragraphs [0095-0096] and [0188]). 

34. It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the teachings of Yamamoto and Garrison because they both deal 
with providing and restricting access to data over a communication network. 
Furthermore, the teaching of Yamamoto to allow wherein a user can access information 
at a second location would improve the functionality of Garrison's system by expanding 
the network and availability of digital assets that can be shared or accessed, thus 
increasing the influx of data retrieval capability. 

35. As per claim 16, Garrison does not explicitly teach the method as recited in claim 
13, wherein said method further comprises at least the acts of: 

(e) determining permitted locations from which the user is permitted to gain 
access to secured documents; 

(f) determining whether the second location is one of the permitted locations for 
the user; and 

(g) bypassing said reconfiguring (c) or (d) when said determining (f) determines 
that the second location is not one of the permitted locations for the user. 

36. Yamamoto teaches a method wherein said method comprises acts of: 

(e) determining permitted locations from which the user is permitted to gain 
access to secured documents (Paragraphs [0002], [0032], [0074] and [0109]); 

(f) determining whether the second location is one of the permitted locations for 
the user (Paragraph [0109]; page 10, claim 1); and 

(g) bypassing said reconfiguring (c) or (d) when said determining (f) determines 
that the second location is not one of the permitted locations for the user (Paragraph 
[0109]). 

37. It would have been obvious to one of ordinary skill in the art at the time of the 
invention to combine the teachings of Yamamoto and Garrison because they both deal 
with providing and restricting access to data over a communication network. 
Furthermore, the teaching of Yamamoto to allow (e) determining permitted locations 
from which the user is permitted to gain access to secured documents; (f) determining 
whether the second location is one of the permitted locations for the user; and (g) 
bypassing said reconfiguring (c) or (d) when said determining (f) determines that the 
second location is not one of the permitted locations for the user would improve the 
functionality and security of Garrison's system by determining the access privileges 
pertaining to each user and their subsequent location so that the digital assets can be 
accessed and maintained securely. 

38. Claim 17 does not teach or define any new limitations above claim 13 and 
therefore is rejected for similar reasons. 

39. Claim 18 does not teach or define any new limitations above claim 10 and 
therefore is rejected for similar reasons. 

40. Claims 19-20 do not teach or define any new limitations above claims 13-14 and 
therefore are rejected for similar reasons. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. The following patents and publications are cited to further show 
the state of the art with respect to "System And Method For Providing Distributed 
Access Control To Secured Items". 


i. US 6,442,695 Dutcher et al. 
ii. US 2002/0042756 Kumar et al. 
iii. US 2005/0021467 Franzdonk, Robert 
iv. US 2002/0069272 Kim et al. 

A shortened statutory period for reply to this Office action is set to expire in 
THREE MONTHS from the mailing date of this action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nicholas Martin whose telephone number is (571) 272- 
3970. The examiner can normally be reached on Monday - Friday 8:30 a.m. - 5:30 
p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John A. Follansbee can be reached on (571) 272-3964. The fax phone 
number for the organization where this application or proceeding is assigned is 703- 
872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Nicholas Martin 
Art Unit 2154 
April 25, 2005 




